Type 7 passwords: Type 7 passwords use the Vigenère cipher encryption algorithm, which is known to be weak. The enable secret and username username secret commands use type 5 passwords. These passwords are easily reversible with tools available on the Internet. Type 5 passwords: Type 5 passwords use an MD5 hashing algorithm. Type 0 passwords should not be used in a production environment. The enable password command uses type 0 passwords. Type 0 passwords: Type 0 passwords are not encrypted and are stored in plaintext in the device configuration. EXAMPLE 6.1 Console, Auxiliary, and vty Lines in the Running Configuration R1# Before we look at how to protect access to Cisco IOS EXEC modes, let’s take a look at the five different types of passwords available in Cisco IOS: Once you are in the line configuration mode, you can set the protocol you will be connecting over (for example, SSH). Example 6.1 shows the console, auxiliary, and vty lines in the running configuration that are available on R1. You use the line vty line-number global configuration command to enter line configuration mode to configure options such as a password for remote CLI sessions. Remote CLI sessions use lines that are referred to as vty lines. You use the line console 0 global configuration command to enter line configuration mode to configure options such as a password for the console port. With Cisco IOS networking devices, the word “lines” is used to refer to the software components that manage local and remote CLI sessions. Encrypting the session traffic with SSH prevents anyone who may have intercepted the traffic from decoding it. SSH provides encryption for the session traffic between the local management device and the networking device you are managing. SSH is a more secure alternative to Telnet.
The exceptions are tasks that interact directly with the console port (such as recovering from a corrupted operating system by uploading a new OS image over the console port) and interacting with the networking device when it is in ROMMON mode. Most of the tasks required to configure and manage a networking device can be done using a remote CLI session. Terminal lines and remote CLI sessions: A remote CLI session is created between a host and a networking device by using a remote terminal access application, such as Telnet or SSH. In most cases, this should be disabled with the no exec command under line aux 0. Some devices have an auxiliary (aux) port for remote administration through a dial-up modem. The type of cable and connectors required and the settings for the terminal emulation application depend on the type of networking device that you are configuring. The most common method for establishing a local CLI session is to connect a laptop to the console port of the networking device and then launch a terminal emulation application, like PuTTY, on the computer. All of the tasks needed to configure and manage a networking device can be done using a local CLI session. Local CLI sessions start in user EXEC mode. Local CLI sessions: Local CLI sessions require direct access to the console port of the networking device.
You can establish IOS CLI sessions on Cisco IOS devices in two ways: Requiring users to log in to a networking device with a username Changing the privilege levels of commands to create new authorization levels for CLI sessions Using different levels of authorization for CLI sessions to control access to commands that can modify the status of the networking device and for commands that are used to monitor the device Scalability and standardized authentication methods using RADIUS and TACACS+ Cisco IOS CLI Session Overview Cisco IOS software provides several features that you can use to implement basic security for network devices’ command-line sessions. Configure passwords for local and remote CLI sessions. What are two of the high-level benefits of using a remote AAA server over local AAA services on each network device individually? What protocol does TACACS+ use for communication between a TACACS+ client (network device) and a TACACS+ server? Which command option on remote CLI sessions is used to limit the session to use only a secure connection method? What are the first steps in securing user EXEC access to allow for secure network device access? If you are in doubt at all, read everything in this chapter! If you can correctly answer these CramSaver questions, save time by skimming the Exam Alerts in this section and then completing the CramQuiz at the end of each section and the Review Questions at the end of the chapter.